Engine Pack Version 9.6.7
CxSAST Engine
Languages & Frameworks
The Supported Code Languages and Frameworks lists all supported versions of code languages and frameworks.
Rust
Rust support has been improved with additional queries.
The following queries are available as part of this version:
Rust_High_Risk
DynamoDB_NoSQL_Injection
AWS_Credentials_Leak
Rust_Medium_Threat
Excessive_Data_Exposure
External_Control_of_System_or_Config_Setting
Hardcoded_AWS_Credentials
Improper_Locking
PCI_Data_Exposure_in_JWT
Secret_Leak_in_JWT
Use_of_Native_Language
Rust_Low_Visibility
Compromised_CDN
Dangerous_File_Extension
Heap_Inspection
Improper_Resource_Shutdown_or_Release
Incorrect_Permission_Assignment_For_Critical_Resources
Off_By_One_Error
Race_Condition_In_Cross_Functionality
Serializable_Class_Containing_Sensitive_Data
sage_of_temp_dir
CSharp
CSharp support was updated to version 12.
RPG
The RPG Resolver performance was improved. As for the language, Prototypes are now represented as Method Signatures.
Presets
ASA Premium
The ASA Premium preset has been updated to include additional Rust queries.
CWE Top 25
The CWE Top 25 preset and its corresponding category have been updated to support version 2023.
Critical Severity
Critical severity will be added to the SAST engine's list of severity options in the upcoming major version, 9.7.0.
Queries
To include the Critical severity, all queries will be revised and their severity adjusted accordingly.
Details on the affected queries can be found on the Queries Severity Revision page.
Presets
No new presets will be created or renamed.
The following presets will be updated:
High, Medium, and Low
Queries reviewed from High/Medium/Low to Critical are being kept on this preset.
Queries classified from High/Medium/Low to Info are being removed from this preset.
All other queries that are transitioning between High, Medium, and Low severities are kept in the preset
(Example: a query reclassified from High to Medium or Low to Medium will be kept in the preset).
High and Medium
Queries reviewed from High/Medium to Critical are being kept on this preset.
Queries reviewed from Low to Critical/High/Medium are being added to the preset.
Queries reviewed from High/Medium to Low/Info are being removed.
All other queries that are transitioning between High and Medium severities are kept in the preset
(Example: a query reviewed from Medium to High is kept in the preset).
For all other presets, no queries have been added or removed. The only changes are reclassifications of query severities, as detailed on the page referenced above: Queries Severity Revision.
Scans & Results
New severity will be reflected only for new scans executed after upgrading to 9.7.0; older scans and results are unaffected.